rsync through multiple ssh hops with password authentication prompt

Matt McCutchen hashproduct at
Wed Oct 19 22:34:13 GMT 2005

On Wed, 2005-10-19 at 22:22 +0100, Manuel López-Ibáñez wrote:
> Thanks very much. However, for several reasons, I cannot apply that 
> "trick" in my case. Apart from those reasons, there is no X server on 
> middle or target at all.  [...] And what should I put in $DISPLAY?

Graphical programs find the appropriate X server on which to show their
windows via the $DISPLAY variable.  When you log into X, $DISPLAY is
automatically set to a code for your display, often :0.0, in the
environment of all programs started via X.  Conveniently enough, X
programs communicate with X servers through sockets and ports, and SSH
already has code to forward ports.  When SSH does "X forwarding", it
sets up a virtual display of sorts on the remote machine and points the
remote $DISPLAY to this display.  When you run a remote graphical
program, it reads $DISPLAY and connects to the corresponding port; SSH
is watching this port and redirects the program to the real X server
port on your machine.

In short, you can just tell SSH to do X forwarding and remote graphical
programs will show their windows on "source".  You need not set $DISPLAY
yourself, nor do you need an X server on any machine but "source".

>  Moreover, which password-prompting program 
> should I use? middle is an OpenBSD machine.

SSH usually comes with one of these programs, and it is called
"ssh-askpass" or similar.  My system has a "gnome-ssh-askpass" and even
sets $SSH_ASKPASS automatically to this program.  Failing that, a little
program called Zenity can be scripted to pop up simple dialog boxes; you
might be able to find a BSD version and use "zenity --entry" as your
$SSH_ASKPASS command.

> Finally, I am not sure if your first paragraph means that this is 
> impossible and it won't be implemented in rsync.

I guess an option /could/ be added to rsync to have it send some data
across the network before it begins its protocol, but rsync's job isn't
to handle SSH authentication; it expects to be provided with a working
transport of some kind so that it can synchronize files.  Rsync is not
the only tool that sometimes makes SSH connections without a terminal at
which the user can input the password, which is why there are alternate
techniques like this one, public key authentication, and ssh-agent.
Matt McCutchen, ``hashproduct''
hashproduct at --

More information about the rsync mailing list